CLAIMS

What is claimed is:

1. A method for securely establishing communication in a multicast group of nodes of a network, in which the network includes publisher nodes, subscriber nodes, a multi-master directory that stores information about events in the network and that can authenticate the subscriber nodes and the publisher nodes, whereby each of the subscriber nodes and the publisher nodes receives a unique private key and that can determine events that the subscribers and the publishers may process, the method comprising the steps of:

registering the subscribers and the publishers with an event server configured to determine whether the publishers are authorized to produce certain events corresponding to the event types and whether the subscribers are authorized to receive the certain events in response to the step of accessing;

generating, with the event server, a group session key for establishing one of the multicast groups, the group session key being encrypted in a message that has a prescribed format.

2. The method as recited in Claim 1, further comprising the steps of:

receiving a message from the subscribers in response to the subscribers

determining whether the received message corresponds to a correct key version;

updating the group session key; and

selectively reregistering the subscribers at the event server.

3. The method as recited in Claim 1, wherein the prescribed format of the message conforms with lightweight directory access protocol (LDAP).

4. The method as recited in Claim 1, wherein the prescribed format of the message comprises a protocol version number field, a message type field, and a message length field.

5. The method as recited in Claim 1, wherein the step of authenticating comprises controlling access by the directory in conjunction with utilizing an external authentication service that allows extending membership of the multicast groups to subscribers with no corresponding objects in the directory.

6. The method as recited in Claim 1, wherein the external authentication service is supplied by a Kerberos server.

7. The method as recited in Claim 1, wherein the event server manages the private keys of the subscribers and the publishers.

8. The method as recited in Claim 1, wherein the step of updating comprises:

creating a new group session key;

modifying the objects based upon the new group session key by using a change password protocol;

sending a new message that contains the new group session key to the subscribers; and

notifying the subscribers to reregister.

9. The method as recited in Claim 1, wherein the step of registering comprises performing access control check of the subscribers by the event server.
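The following is an added, constructed example that walks through the flow of Claims 1, 2, 4, 8 and 9 in runnable form; it is not the patent's code and not any implementation of the patent. Its assumptions: a principal's "private key" is modelled as a 32-byte secret shared with the event server (the Kerberos-style model the claims imply), the two message type codes and the 4-byte key-version field are invented for the example, the cipher is an HMAC-SHA256 keystream with an HMAC tag standing in for whatever cipher a deployment would use, and the directory object that the change password protocol would modify is represented by the server's own in-memory state. The message header is the only part of the "prescribed format" the claims spell out: a protocol version number, a message type and a message length.

```python
# Constructed example (not the patent's code). A principal's "private key" is a
# 32-byte secret shared with the event server; the cipher is an HMAC-SHA256
# keystream plus HMAC tag, a stand-in for a real cipher (assumption).
import hashlib, hmac, os, struct

PROTOCOL_VERSION = 1
MSG_GROUP_KEY = 1   # assumed type code: message carrying an encrypted group session key
MSG_KEY_ACK = 2     # assumed type code: subscriber reports the key version it holds
HEADER = struct.Struct("!BBH")  # protocol version number, message type, message length


def _derive(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, n):
    blocks = (hmac.new(enc_key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def encrypt(key, plaintext):
    """Encrypt-then-MAC under keys derived from the principal's private key."""
    nonce = os.urandom(16)
    ks = _keystream(_derive(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("message authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_derive(key, b"enc"), nonce, len(ct))))


def pack_message(msg_type, payload):
    """Prescribed format from Claim 4: version | type | length | payload."""
    return HEADER.pack(PROTOCOL_VERSION, msg_type, len(payload)) + payload


def unpack_message(data):
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    version, msg_type, length = HEADER.unpack_from(data)
    if version != PROTOCOL_VERSION:
        raise ValueError("unsupported protocol version %d" % version)
    payload = data[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("length field does not match payload")
    return msg_type, payload


class EventServer:
    def __init__(self):
        self.keys, self.produces, self.receives = {}, {}, {}  # server manages private keys
        self.registered = set()
        self.group_key, self.key_version = None, 0

    def register(self, name, key, produces=(), receives=()):
        # Access-control check at registration: record which event types the
        # principal may produce (as publisher) and receive (as subscriber).
        self.keys[name] = key
        self.produces[name], self.receives[name] = set(produces), set(receives)
        self.registered.add(name)

    def authorized(self, name, event_type, action):
        table = self.produces if action == "produce" else self.receives
        return name in self.registered and event_type in table.get(name, set())

    def new_group_key(self):
        # The directory object a change password protocol would modify is
        # represented by the server's own state here (assumption).
        self.group_key, self.key_version = os.urandom(32), self.key_version + 1
        return self.key_version

    def key_message_for(self, name):
        payload = struct.pack("!I", self.key_version) + self.group_key
        return pack_message(MSG_GROUP_KEY, encrypt(self.keys[name], payload))

    def handle_ack(self, name, data):
        """Claim 2: a subscriber reporting a stale key version must reregister."""
        msg_type, payload = unpack_message(data)
        if msg_type != MSG_KEY_ACK:
            raise ValueError("unexpected message type")
        (version,) = struct.unpack("!I", decrypt(self.keys[name], payload))
        if version != self.key_version:
            self.registered.discard(name)
            return False
        return True


class Subscriber:
    def __init__(self, name, key):
        self.name, self.key, self.key_version, self.group_key = name, key, 0, None

    def receive_key(self, data):
        msg_type, payload = unpack_message(data)
        if msg_type != MSG_GROUP_KEY:
            raise ValueError("unexpected message type")
        plain = decrypt(self.key, payload)
        (self.key_version,) = struct.unpack("!I", plain[:4])
        self.group_key = plain[4:]

    def ack(self):
        return pack_message(MSG_KEY_ACK, encrypt(self.key, struct.pack("!I", self.key_version)))


def run_demo():
    server = EventServer()
    keys = {n: os.urandom(32) for n in ("alice", "bob", "carol")}  # constructed principals
    server.register("alice", keys["alice"], receives={"alarm"})
    server.register("bob", keys["bob"], produces={"alarm"})
    server.register("carol", keys["carol"], receives={"alarm"})
    alice, carol = Subscriber("alice", keys["alice"]), Subscriber("carol", keys["carol"])
    v1 = server.new_group_key()
    for s in (alice, carol):
        s.receive_key(server.key_message_for(s.name))
    v2 = server.new_group_key()                          # key rotation (Claim 8)
    alice.receive_key(server.key_message_for("alice"))   # carol misses the update
    return {
        "versions": (v1, v2),
        "bob_may_produce": server.authorized("bob", "alarm", "produce"),
        "bob_may_receive": server.authorized("bob", "alarm", "receive"),
        "alice_has_current_key": alice.group_key == server.group_key,
        "alice_ack_ok": server.handle_ack("alice", alice.ack()),
        "carol_ack_ok": server.handle_ack("carol", carol.ack()),
        "carol_still_registered": "carol" in server.registered,
    }


if __name__ == "__main__":
    print(run_demo())
```

Running the demo shows the two checks the claims turn on: a publisher authorized to produce an event type is not thereby authorized to receive it, and a subscriber whose acknowledgement carries an old key version is dropped from the registered set so that it has to reregister before it sees the rotated key.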

10. A communication system for creating a plurality of secure multicast groups in a network that includes a plurality of principals configured for functioning as a subscriber and a publisher, each of the principals having a private key, a multi-master directory comprising a directory server for communicating with one or more of the principals to authenticate each of the principals and to provide access control, the multi-master directory controlling access on a per object and per attribute basis, the communication system comprising:

an event server coupled to the plurality of principals for registering the plurality of principals and for determining whether the principals are authorized to produce certain events when the principals are functioning as publishers and whether the principals are authorized to receive the certain events when the principals are functioning as subscribers; and

means in the event server for creating a group session key for establishing one of the multicast groups, by distributing the group session key in an encrypted message to the subscribers, the encrypted message encapsulating the group session key according to a prescribed format;

means in the event server for updating the group session key by utilizing a change password protocol to modify an object in the directory; and

means in the event server for notifying the subscribers to reregister in response to the updating of the group session key.

11. The communication system as recited in Claim 10, wherein the directory server is collocated with the event server, the directory server and the event server participating in a common one of the multicast groups.

12. The communication system as recited in Claim 10, wherein the prescribed format of the message conforms with lightweight directory access protocol (LDAP).

13. The communication system as recited in Claim 10, wherein the directory authenticates by controlling access in conjunction with utilizing an external authentication service that allows extending membership of the multicast groups to subscribers with no corresponding objects in the directory.

14. The communication system as recited in Claim 13, wherein the external authentication service is supplied by a Kerberos server.

15. The communication system as recited in Claim 10, wherein the prescribed format of the message comprises a protocol version number field, a message type field, and a message length field.

16. The communication system as recited in Claim 10, wherein the event server manages the private keys.

17. The communication system as recited in Claim 10, wherein the event server updates the group session key by performing the steps of:

creating a new group session key;

modifying the objects based upon the new group session key by using a change password protocol;

sending a new message that contains the new group session key to the subscribers; and

notifying the subscribers to reregister.

18. The communication system as recited in Claim 10, wherein the event server performs access control check of the subscribers during registration of the subscribers.

19. A computer system for establishing multiple secure multicast groups, the computer system comprising:

a communication interface for communicating with a plurality of nodes and for interfacing a multi-master directory to authenticate the computer system and the plurality of nodes, the multi-master directory having access controls on a per object and per attribute basis, wherein the nodes access the directory to determine events that the nodes may process;

a bus coupled to the communications interface for transferring data;

one or more processors coupled to the bus for selectively generating a group session key and private keys corresponding to the plurality of nodes, the group session key being updated by utilizing a change password protocol to modify an object corresponding to the events in the directory; and

a memory coupled to the one or more processors via the bus, the memory including one or more sequences of instructions which when executed by the one or more processors cause the one or more processors to perform the steps of registering the plurality of nodes, determining whether the nodes are authorized to produce and authorized to receive certain events corresponding to objects of the directory, distributing the group session key to the nodes via a message, the message encapsulating the group session key according to a prescribed format, and selectively reregistering the nodes in response to updating the group session key.

20. The computer system as recited in Claim 19, wherein the directory server is collocated with the event server, the directory server and the event server participating in a common one of the multicast groups.

21. The computer system as recited in Claim 19, wherein the prescribed format of the message conforms with lightweight directory access protocol (LDAP).

22. The computer system as recited in Claim 19, wherein the directory authenticates by using authentication services of the directory in conjunction with a Kerberos service that allows extending membership to the multicast groups to nodes with no objects in the directory.

23. The computer system as recited in Claim 19, wherein the event server manages private keys of the plurality of nodes.

24. The computer system as recited in Claim 19, wherein the event server updates the group session key by performing the steps of:

creating a new group session key;

modifying the objects based upon the new group session key by using a change password protocol;

sending a new message that contains the new group session key to the subscribers; and

notifying the subscribers to reregister.

25. The computer system as recited in Claim 19, wherein the computer system performs access control check of the nodes during registration.



26. A computer-readable medium carrying one or more sequences of instructions for securely establishing communication in a multicast group of nodes of a network, in which the network includes publisher nodes, subscriber nodes, a multi-master directory that stores information about events in the network and that can authenticate the subscriber nodes and the publisher nodes, whereby each of the subscriber nodes and the publisher nodes receives a unique private key and that can determine events that the subscribers and the publishers may process, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:

registering the subscribers and the publishers with an event server, the event server determining whether the publishers are authorized to produce certain events corresponding to the event types and whether the subscribers are authorized to receive the certain events in response to the step of accessing;

generating a group session key for establishing one of the multicast groups, the group session key being encrypted in a message that has a prescribed format.

27. A computer-readable medium as recited in Claim 26, further comprising the steps of:

receiving a message from the subscribers in response to the subscribers

determining whether the received message corresponds to a correct key version;

updating the group session key; and

selectively reregistering the subscribers at the event server.

28. A computer-readable medium as recited in Claim 26, wherein the step of authenticating comprises controlling access by the directory in conjunction with utilizing an external authentication service that allows extending membership of the multicast groups to subscribers with no corresponding objects in the directory.

29. A computer-readable medium as recited in Claim 26, wherein the step of updating comprises:

creating a new group session key;

modifying the objects based upon the new group session key by using a change password protocol;

sending a new message that contains the new group session key to the subscribers; and

notifying the subscribers to reregister.

30. A computer-readable medium as recited in Claim 26, wherein the step of registering comprises performing access control check of the subscribers by the event server.